authorLuke Howard <lukeh@padl.com>2009-10-21 18:21:50 +0000
committerLuke Howard <lukeh@padl.com>2009-10-21 18:21:50 +0000
commit8df202e9f06b58a590b33665d701ef2dd34317f3 (patch)
tree80444e9f2011cc4c490b6fa1cc833f8e99362a11 /src/kdc/kdc_util.c
parent7895c562802c7b19fc49678b761339b1de45df4d (diff)
Allow the constrained delegation authorization method to use the evidence ticket client name as input to the authorization decision
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22963 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r--src/kdc/kdc_util.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index ba2c4b53f..9ad832e8a 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -2238,6 +2238,7 @@ kdc_process_s4u2self_req(krb5_context context,
static krb5_error_code
check_allowed_to_delegate_to(krb5_context context,
+ krb5_const_principal client,
const krb5_db_entry *server,
krb5_const_principal proxy)
{
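Review bot: The new `client` parameter of check_allowed_to_delegate_to has no comment saying which principal it is. In a TGS path "client" can be read as the service making the request just as easily as the user named in the evidence ticket. A backend policy that confuses the two would authorize on the wrong identity, so I would add above the function `/* client: principal named in the S4U2Proxy evidence ticket (the user being delegated), not the requesting service */`. The function body continues outside this hunk.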
@@ -2258,6 +2259,7 @@ check_allowed_to_delegate_to(krb5_context context,
req.server = server;
req.proxy = proxy;
+ req.client = client;
req_data.data = (void *)&req;
req_data.length = sizeof(req);
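Review bot: `req` is handed to the backend as an opaque blob with `req_data.length = sizeof(req)`, so the new `client` member changes the size, and possibly the layout, that a database module receives. The struct definition is not part of this file's diff. If the member was not appended at the end, a module built against the earlier definition would presumably read `server` and `proxy` from the wrong offsets and make its delegation decision on the wrong principals. It is worth confirming that modules check the length before dereferencing, and recording the layout change in a comment where the struct is declared. `req` itself is declared outside this hunk.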
@@ -2312,7 +2314,9 @@ kdc_process_s4u2proxy_req(krb5_context context,
/* Backend policy check */
errcode = check_allowed_to_delegate_to(kdc_context,
- server, proxy_princ);
+ t2enc->client,
+ server,
+ proxy_princ);
if (errcode) {
*status = "NOT_ALLOWED_TO_DELEGATE";
return errcode;
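Review bot: `t2enc->client` now feeds the delegation policy, but nothing in the visible lines shows that the evidence ticket's encrypted part has been decrypted and validated, or that `t2enc` is non-NULL, before this call. kdc_process_s4u2proxy_req starts outside the hunk, so those checks may well sit earlier. If they do, a short comment at the call would record the dependency, for example `/* t2enc->client is taken from the evidence ticket validated above */`. That keeps a later reordering from moving the backend check ahead of the ticket validation.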